Characteristic formulae
(1989)

One of the most successful techniques for automatic verification is that of model checking. For finite automata there have long existed extremely efficient model-checking algorithms, and in the last few years these algorithms have been made applicable to the verification of real-time automata using the region techniques of Alur and Dill. In this

In this paper, we present a constraint-oriented state-based proof methodology for concurrent software systems which exploits compositionality and abstraction for the reduction of the verification problem under investigation. The formal basis for this methodology is Modal Transition Systems, which allow loose state-based specifications that can be refined by successively adding constraints. Key concepts of our method are projective views, separation of proof obligations, Skolemization and abstraction. The method is even applicable to real-time systems.

1 Introduction. The use of formal methods and in particular formal verification of concurrent systems, interactive or fully automatic, is still limited to very specific problem classes. For state-based methods this is mainly due to the state explosion problem: the state graph of a concurrent system grows exponentially with the number of its parallel components, leading to an unmanageable size for most practically relevant systems. Consequentl...

The paper develops a framework that is based on the idea that modal logic provides an appropriate framework for the specification of data flow analysis (DFA) algorithms as soon as programs are represented as models of the logic. This can be exploited to construct a DFA-generator that generates efficient implementations of DFA-algorithms from modal specifications by partially evaluating a specific model checker with respect to the specifying modal formula. Moreover, the use of a modal logic as specification language for DFA-algorithms supports the compositional development of specifications and structured proofs of properties of DFA-algorithms. -- The framework is illustrated by means of a real life example: the problem of determining optimal computation points within flow graphs.

Abstract. This paper establishes a strong completeness property of compositional program logics for pure and imperative higher-order functions introduced in [18, 16, 17, 19, 3]. This property, called descriptive completeness, says that for each program there is an assertion fully describing the program's behaviour up to the standard observational semantics. This formula is inductively calculable from the program text alone. As a consequence we obtain the first relative completeness result for compositional logics of pure and imperative call-by-value higher-order functions in the full type hierarchy.

...isfied by a diverging program. Dually for total correctness. A related concept is that of the characteristic formulae of Hennessy-Milner logics, which precisely characterise a CCS process up to bisimilarity [12, 31, 32]. We shift this notion from a process logic to a program logic, establishing descriptive completeness of Hoare logics for pure and imperative higher-order functions introduced in [2, 15, 17, 18]. ...

We present a fixpoint-analysis machine, for the efficient computation of homogeneous, hierarchical, and alternating fixpoints over regular, context-free/push-down and macro models. Applications of such fixpoint computations include intra- and interprocedural data flow analysis, model checking for various temporal logics, and the verification of behavioural relations between distributed systems. The fixpoint-analysis machine identifies an adequate (parameterized) level for a uniform treatment of all those problems, which, despite its uniformity, outperforms the 'standard iteration based' special purpose tools usually by factors around 10, even if the additional compilation time is taken into account.

1 Introduction and Motivation. A great number of analysis and verification problems such as abstract interpretation, data flow analysis, model checking, determination of behavioural relations between distributed systems, hardware verification and synthesis, etc., boil down to the computa...

The Concurrency Workbench is an automated tool that caters for the analysis of concurrent finite-state processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its scope: a variety of different verification methods, including equivalence checking, preorder checking, and model checking, are supported for several different process semantics. One experience from our work is that a large number of interesting verification methods can be formulated as combinations of a small number of primitive algorithms. The Workbench has been applied to examples involving the verification of communications protocols and mutual exclusion algorithms and has proven a valuable aid in teaching and research. We will present the architecture of the Workbench and illustrate the verification methods through some simple examples.

Abstract. We present jETI, a redesign of the Electronic Tools Integration platform (ETI), that addresses the major issues and concerns accumulated over seven years of experience with tool providers, tool users and students. Most important here was the reduction of the effort for integrating and updating tools. jETI combines Eclipse with Web Services functionality in order to provide (1) lightweight remote component (tool) integration, (2) distributed component (tool) libraries, (3) a graphical coordination environment, and (4) a distributed execution environment. These features will be illustrated in the course of building and executing remote heterogeneous tool sequences.

The modal mu-calculus is an expressive logic that can be used to specify safety and liveness properties of concurrent systems represented as labeled transition systems (LTSs). We show that Model Checking in the Modal Mu-Calculus (MCMMC) --- the problem of checking whether an LTS is a model of a formula of the propositional modal mu-calculus --- is P-hard even for a very restrictive version of the problem involving the alternation-free fragment. In particular, MCMMC is P-hard even if the formula is fixed and alternation-free, and the LTS is deterministic, acyclic, and has fan-in and fan-out bounded by 2. The reduction used is from a restricted version of the circuit value problem known as the Synchronous Alternating Monotone Fanout 2 Circuit Value Problem. Our P-hardness result is tight in the sense that placing any further non-trivial restrictions on either the formula or the LTS results in membership in NC for MCMMC. Specifically, we exhibit NC-algorithms for two potentially useful versio...

..., for one can use this result as the basis for another proof of the P-hardness of MCMMC: as shown in [CS91], bisimulation checking can be reduced to MCMMC by model checking the characteristic formula [Ste89] of one of the LTSs against the other LTS. Moreover, it is not difficult to see that only log-space is needed when using CS-logic. The resulting P-hardness result, however, is weaker than our own on a...

In this paper we present an environment for the development of special purpose heterogeneous analysis and verification tools, which is unique in 1) constituting a framework for the development of application specific heterogeneous tools and 2) providing facilities for the automation of the synthesis process. Based on a specification language that uniformly combines taxonomic component specifications, interface conditions, and ordering constraints, our method adds a global view to conventional single component retrieval. Following a user session, we illustrate the interactive synthesis process, which supports the inclusion of a satisfactory new software component into the repository by proposing an appropriately precomputed default taxonomic classification. This guarantees convenient retrieval for later reuse.

by
A. Fantechi, S. Gnesi, A. Maggiore
- In Int. Workshop on Test and Analysis of Component Based Syst. (TACOS), 2004, to appear in Electronic Notes in Theoretical Computer Science

The automatic detection of unreachable coverage goals and generation of tests for ”corner-case” scenarios is crucial to make testing and simulation based verification more effective. In this paper we address the problem of coverability analysis and test case generation in modular and component based systems. We propose a technique that, given an uncovered branch in a component, either establishes that the branch cannot be covered or produces a test case at the system level which covers the branch. The technique is based on the use of counterexamples returned by model checkers, and exploits compositionality to cope with large state spaces typical of real applications.

...o provide a formula expressing "there exists no path with a sequence of actions recognized by the counterexample automaton". This can be achieved by giving the characteristic formula of the automaton [2,15], that is, a formula which describes completely the automaton itself. Actually, we need only the existential part of the characteristic formula, and we adopt the method shown in [9] to give an ACTL ch...
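The two citation contexts above (the reduction of bisimulation checking to model checking the characteristic formula of one LTS against the other, and the use of only the existential part of a characteristic formula) are easy to see in a concrete computation. The following added example is not code from Steffen's paper, the Concurrency Workbench, or any of the citing tools; it builds the characteristic equation system of a finite LTS in the standard Hennessy-Milner form (for each state p, a greatest-fixpoint equation X_p = AND over p -a-> p' of <a>X_p' AND over all actions a of [a](OR over p -a-> p' of X_p')) and model-checks it against a second LTS by iterating the same equations as sets of states. The sample processes P, Q and R (two vending-machine variants that are trace-equivalent but not bisimilar, plus a bisimilar unfolding) and their state names are constructed here for illustration. The `existential_only` switch keeps just the diamond conjuncts, which turns the check into a simulation check, the way the last context describes.

```python
"""Characteristic formulae of finite LTSs, checked by greatest-fixpoint iteration.

An LTS is a dict: state -> list of (action, successor) pairs.  Checking the
characteristic formula X_p of a state p of `spec` against a state q of `impl`
is done by computing, for every p, the set of impl states satisfying X_p as a
greatest fixpoint: start with all impl states and shrink until stable.
q |= X_p holds exactly when p and q are strongly bisimilar.
"""


def render_equations(lts, act):
    """Return the characteristic equation system as readable strings, one per state.

    Each right-hand side has a diamond conjunct per outgoing transition and a
    box conjunct per action of the alphabet `act` (the box is [a](ff) when the
    state has no a-successor, i.e. the other side must not be able to do a).
    """
    eqs = {}
    for p, trans in lts.items():
        diamonds = [f"<{a}>X_{p2}" for a, p2 in trans]
        boxes = []
        for a in sorted(act):
            succ = [f"X_{p2}" for b, p2 in trans if b == a]
            boxes.append(f"[{a}]({' | '.join(succ) if succ else 'ff'})")
        eqs[p] = " & ".join(diamonds + boxes)
    return eqs


def check_characteristic(spec, impl, existential_only=False):
    """Model-check the characteristic formulae of `spec` against `impl`.

    Returns a dict sat: spec state p -> set of impl states q with q |= X_p.
    With existential_only=True only the diamond conjuncts are kept, so q |= X_p
    then means "q simulates p" (the simulation preorder) rather than bisimilarity.
    """
    sat = {p: set(impl) for p in spec}
    changed = True
    while changed:  # greatest fixpoint: the sets only ever shrink
        changed = False
        for p, ptrans in spec.items():
            keep = set()
            for q in sat[p]:
                qtrans = impl[q]
                # diamond conjuncts: every move of p is matched by some move of q
                ok = all(any(b == a and q2 in sat[p2] for b, q2 in qtrans)
                         for a, p2 in ptrans)
                # box conjuncts: every move of q is matched by some move of p
                if ok and not existential_only:
                    ok = all(any(b == a and q2 in sat[p2] for b, p2 in ptrans)
                             for a, q2 in qtrans)
                if ok:
                    keep.add(q)
            if keep != sat[p]:
                sat[p] = keep
                changed = True
    return sat


def bisimilar(spec, p, impl, q):
    """p ~ q iff q satisfies the characteristic formula X_p (Steffen's construction)."""
    return q in check_characteristic(spec, impl)[p]


def simulates(spec, p, impl, q):
    """q simulates p iff q satisfies the existential part of X_p."""
    return q in check_characteristic(spec, impl, existential_only=True)[p]


# Constructed sample processes (not from the page): a vending machine P that
# offers coffee or tea after a coin, a variant Q that chooses internally at the
# coin, and an unfolding R that is bisimilar to P.
P = {"p0": [("coin", "p1")],
     "p1": [("coffee", "p0"), ("tea", "p0")]}
Q = {"q0": [("coin", "q1"), ("coin", "q2")],
     "q1": [("coffee", "q0")],
     "q2": [("tea", "q0")]}
R = {"r0": [("coin", "r1"), ("coin", "r2")],
     "r1": [("coffee", "r0"), ("tea", "r0")],
     "r2": [("coffee", "r0"), ("tea", "r0")]}

if __name__ == "__main__":
    for p, rhs in render_equations(P, {"coin", "coffee", "tea"}).items():
        print(f"X_{p} = {rhs}")
    print("P ~ R:", bisimilar(P, "p0", R, "r0"))       # True
    print("P ~ Q:", bisimilar(P, "p0", Q, "q0"))       # False: Q is trace-equivalent only
    print("P simulates Q:", simulates(Q, "q0", P, "p0"))  # True
    print("Q simulates P:", simulates(P, "p0", Q, "q0"))  # False
```

The iteration is exactly the partition-refinement view of bisimulation stated as model checking: the sets sat[p] start as the whole implementation and lose a state whenever one of p's conjuncts fails under the current approximation, so the number of rounds is bounded by the number of state pairs. Dropping the box conjuncts removes the "and nothing more" half of the formula, which is why the existential part alone is enough when, as in the coverability setting above, one only needs to know that some path of the system is accepted by the counterexample automaton.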